Encryption: It's not just for banking anymore

What if Hillary Clinton used encrypted email?

Okay, last election reference, promise. But every day somebody’s private emails are being made public, often causing more damage than mere embarrassment. If your livelihood depends on keeping your communications private, you should think about encrypting all your business communications and business documents. Here’s a quick rundown of services for encrypting your email and the files you store online.

The preliminaries: HTTPS Everywhere and Privacy Badger

The Electronic Frontier Foundation offers two free browser extensions that go a long, long way toward protecting your online privacy. HTTPS Everywhere makes sure you’re using a secure HTTPS connection whenever possible – even when the sites you’re visiting try to use an unencrypted HTTP connection. The program works with the Firefox, Google Chrome, and Opera browsers.

Privacy Badger blocks ads and trackers in a different way than the ad-blocking extension I usually recommend, AdBlock Plus. One big difference is that Privacy Badger doesn’t show the “acceptable ads” that AdBlock Plus lets through. The acceptable ads generate some revenue for the company, but some critics claim the policy is a form of extortion, even though the company charges only large companies.

Another technical difference between AdBlock Plus and Privacy Badger is that the latter starts slowly, blocking ads and trackers only after determining that they pose a threat to your privacy. The way I look at it, either Privacy Badger or AdBlock Plus will serve to keep the ads and trackers at bay.

If you just want to encrypt only the contents of a message rather than the entire communication, you can type the message into the text window on the InfoEncrypt site, enter a password, and click the Encrypt button. Then either copy the encrypted version of the message, or request a link you can send to the recipient. I tested the link approach, and when the email containing the link arrived, I clicked it to open the encrypted version on InfoEncrypt. After I entered the password, the message was decrypted. As they say in the infomercials, it’s just that easy.

The service warns that if you lose or forget the password, the message can’t be recovered because the company keeps only the encrypted version on its servers. Also, the encrypted message will be retained only for 90 days, which can be a good thing if you don’t want to leave any traces. It’s not so good if you want to archive all your messages, even the encrypted ones.

If you’re looking for a way to keep a lid on all your email, the How-to Geek lists about a dozen encrypted email services. Back in 2011, I reviewed PrivacyHarbor.com and Hushmail; you’ll find the full reviews on CNET. The first of the two is no more, but Hushmail is still offering a personal account for $50 a year that uses an address ending in “@hushmail.com”. If you want to use an address on your own domain, you can sign up for a small-business account, which costs from $6 a month, plus a one-time $10 setup fee.

If you’re the do-it-yourself type, you can encrypt your messages using OpenPGP or S/MIME, as described by PC World’s Eric Geier in an April 25, 2012, article. When you apply your own encryption, you have to install a security certificate on your computer, and the recipient has to do likewise before you can send and receive encrypted messages. You also have to give your contacts the public key they’ll need to decrypt the messages you send them.

Encrypted online storage options abound

It has been seven years since I first wrote about the SpiderOak encrypted online storage service. That article from 2009, “Three approaches to online encrypted storage,” also described CryptoHeaven and SwissDisk, but SpiderOak was the service I preferred. Unfortunately, SpiderOak no longer offers a free version, although SwissDisk does. SpiderOak One now costs from $12 a month for up to 1TB of encrypted storage.

I’ve come to prefer another encrypted storage service: Tresorit, which I wrote about for CNET back in 2013. That service has also shut down its free-account offer, and a Personal account costs $30 a month for up to 1TB of encrypted storage. Unlike some encrypted-storage services, both SpiderOak and Tresorit put the encryption keys in your hands, which means the services never have access to the decrypted versions of your files.

Another option for encrypted online storage is Boxcryptor, which I wrote about for CNET back in 2013. The free version of Boxcryptor limits you to one cloud provider (the service supports Google Drive, Box, OneDrive, and DropBox), and only two devices. An unlimited Boxcryptor account costs $48 per year.

Do you really need to go the VPN route?

When I worked remotely, I always used a secure virtual private network to sign into the company network. A VPN creates a tunnel through which your data travels over the internet to prevent anyone from intercepting it. I used to think that VPN connections were overkill for everyday networking, but now I’m not so sure.

Consider that many computer security experts always connect to the internet via a VPN. John C. Dvorak insists in a March 23, 2016, article on PC Magazine that VPNs have become a necessity, especially if you use public Wi-Fi on your phone or computer. Dvorak claims VPNs no longer slow down your data transmissions the way they used to, although you have to make sure you’re dealing with a “legitimate” VPN service. Unfortunately, Dvorak doesn’t mention any legit VPNs by name.

In a September 13, 2016, article the Huffington Post’s Toby Nwazor looks at five VPN services priced from $7 a month/$40 a year to $13 a month/$100 a year. Free VPN services are not recommended because they are slow and usually cap the amount of data you can send each day or month. Also, as Nwazor points out, the “free” services have to make money somehow, and that often means they collect and sell your personal information, which kinda goes against the whole privacy thing.

--------------------------------------------------------

What happened to my week off?

This was supposed to be the Weekly I give myself a birthday present: I get to write about anything I want. Who’d of thought, what I really wanted to write about this week is the importance of encryption. Hmm. Sometimes I don’t recognize myself anymore.